[Bug 192888] ipfw NAT vulnerable to simple DOS attacks

bugzilla-noreply Sun, 20 Sep 2020 04:26:57 -0700

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192888


l...@donnerhacke.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |l...@donnerhacke.de

--- Comment #2 from l...@donnerhacke.de ---
It seems that the problems still exists:
(Articles in German)
https://lutz.donnerhacke.de/Blog/Performance-Probleme-mit-NAT
https://lutz.donnerhacke.de/Blog/Wenn-der-Traceroute-Kreise-tanzt

It's a variant of the LAND attack https://en.wikipedia.org/wiki/LAND.

My solution is to use ipfw (which is used to activate NAT) to drop incoming
packets sourced from the public NAT IP. So simple antispoofing.

-- 
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

[Bug 192888] ipfw NAT vulnerable to simple DOS attacks

Reply via email to